Cointime

Download App
iOS & Android

How to Stay Safe in DeFi: A Simple Guide to Evaluate Project Safety

The collapse of FTX proved the importance of self-custody and risk management.

But it’s so easy to lose money in DeFi if you are not careful with many exploits, rug pulls, contract bugs around.

In this blog I’d like to share how to evaluate safety of DeFi protocols to protect your assets.

It’s great if you’re an experienced smart contract developer and can verify the code yourself. But most of us aren’t.

It leaves us with no other choice, but to evaluate projects based on other data, that involves some degree of trust.

Total Value Lock, ultimate proof of security?

It’s no secret that the majority evaluate DeFi projects by how much value is deposited to the smart contracts. So, TVL is the ultimate proof of trust.

The higher the Total Value Locked, the higher the implied security of a protocol. If a lot of money is deposited, it means ‘someone’ did due diligence, and that protocol is secure.

Unfortunately, it gives a false sense of security. And high TVL protocols are actively targeted by hackers. At the same time, low TVL doesn’t mean a protocol is not secure.

Take a look at the top DeFi protocols by TVL.

  • Do you think that the TVL represents the level of security/safety?
  • Is there any protocol you wouldn’t trust with your money? Why?

There might be biases in you based on what you read online.

Trust, but verify?

‘Don’t trust, verify’ is the reason we have smart contract audits.

If that wasn’t the case, we might not need audits, because code is open source and community could find all the issues in the code. Yet the community might not have the right motivation, incentives or expertise to verify code.

Auditors are supposed to have the right technical expertise, but at the end of the day, we also have to trust them to do the right job.

Remember Twitter backlash against Certik because a few of their audited protocols ended up hacked?

Audit companies are building their reputation too. If the protocols they audit (and evaluated as safe) are exploited, then it shows lack of expertise. In fact, Certik has audited 3,422 projects, so no wonder some of them got hacked or had a bug.

Just having an audit doesn’t mean the protocol is safe. I’ve seen projects proudly announcing ‘Completed audit’, but when you read the audit the safety score is actually low.

The lesson is not to trust the announcements blindly, but verify the result by reading the actual audit.

What if you don’t read the audits?

The majority doesn’t read the audits anyway.

Knowing that Certik has a dashboard with all their audited projects. You can check the ‘Trust Score’ with higher number implying safety.

https://www.certik.com/

Other auditors like Hacken has a similar dashboard, or you could simply read the audit summary. Check the example, of Trader Joe’s audit done by Paladin.

You can see here that Trader Joe fixed high and medium severity issues, but not all low severity issues has been resolved.

https://paladinsec.co/projects/trader-joe-launchpeg/

Audit is just a start.

A lot more is needed to evaluate safety:

  • Adequate testing
  • Bounty campaigns
  • Documentation clarity
  • Admin controls
  • Oracle documentation

and much more… It’s a nightmare to verify it all yourself.

I really like what DefiSafety is doing. Its Process Quality Review verifies protocols and gives them a safety score.

https://www.defisafety.com/app?orderBy=finalScore

According to the PQR results, Liquity Protocol, Synthetix and Angle Protocol are the safest of all verified DeFi protocols.

On DefiSafety you can then check every element and see where the protocol scores the best/worst.

For example, Liquidy still needs Formal Verification.

Additionally, you can start by rating your portfolio safety on Exponential DeFi.

Its ‘Rate my wallet’ feature provides you with a custom risk analysis of your current investments. For example, $4.5M of Tetranode’s assets are deposited into riskier (C rank) protocols.

Elemental DeFi gives a score based on the project evaluation.Assessment takes into account asset risk, code quality and blockchain security to which the assets are deposited.

I like their easy to understand explanation of risks.

For example, take a look at Abracadabra’s MIM. It warns of SPELL being used as collateral which could result in bad debt.

If in doubt, ask!

Finally, I recommend joining the project community groups and ask:

Do they have an insurance fund?

Do they avoid questions?

What are they doing to increase security?

I asked Stargate team if they had an insurance fund in case they get hacked, but it sometimes more difficult to get an answer than I thought, which poses red flags.

But whatever happens, DeFi is still young, so better not to put all your assets into one protocol.

Do you have more useful tips how to evaluate projects and protect your assets?

Comments

All Comments

Recommended for you

  • A Total of 37,212.18 DMD Permanently Burned Over the Past 7 Days

    July 9, 2026 — According to the latest on-chain data released by DMDAO, a total of 37,212.18 DMD has been permanently burned over the past seven calendar days through the protocol's predefined trading and wealth management burn mechanisms.

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.